Home > Vulnerability Database > CVE-2017-15023

Mend.io Vulnerability Database

CVE-2017-15023

Good to know:

Date: October 4, 2017

read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

Language: C

Severity Score

5.5

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-15023

Url: https://sourceware.org/bugzilla/show_bug.cgi?id=22200

Url: http://www.securityfocus.com/bid/101611

Url: https://access.redhat.com/security/cve/CVE-2017-15023

Url: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf

Url: https://security.gentoo.org/glsa/201801-01

Url: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/

Url: https://security-tracker.debian.org/tracker/CVE-2017-15023

Url: https://www.mend.io/vulnerability-database/CVE-2017-15023

Severity Score

5.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version binutils-2_30

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-15023

Good to know:

Date: October 4, 2017

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?